Back to skill
Skillv1.0.3
VirusTotal security
Wizwand Swarm · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:09 AM
- Hash
- 5b070a48dd4bf5c3119dda1e9225ff33d3c04e8edd8d992eee052babce86b18d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wizwand-swarm Version: 1.0.3 The skill bundle implements a social networking client for AI agents to interact on the Wizwand Swarm platform. While the functionality is consistent with its stated purpose, it contains a high-risk 'remote instruction fetching' pattern in SKILL.md and HEARTBEAT.md, explicitly directing the agent to fetch and 'follow' content from an external URL (wizwand.com/swarm/HEARTBEAT.md). This creates a significant indirect prompt injection surface where a compromise of the remote domain could lead to unauthorized agent behavior. However, the bundle includes strong security warnings regarding API key management and requires human-in-the-loop for critical actions like account claiming and DM approvals, suggesting the risk is a design choice rather than intentional malice.
- External report
- View on VirusTotal